Articles

17 Custom Payload with Veil

December 2, 2019


Now we have successfully downloaded the veil packages on our machine. That means we can just sit on this veil framework and you will see that we just get this tool running in our Caylee missing. So it means lose everything over here. We done this. So now you have to use this machine or basically use this framework. So let’s see how can this do that. So here first of all you can see the available commands over here. And each of these command have the information that is just given right to the next of it and you can see the available tools and that evasion is a payload it ordinance is a so excellent we are basically excellent payload so let’s use this valley vision to make the payload. So first of all you can see that this update matter is a very important method because what happens is now in time again that the antivirus is will just update everything in order to get our code or in order to catch our malicious code. So in order to just get a that basically bypass every antivirus that is possible. You have to update this real framework. I mean again if you don’t do this your veil of framework will be outdated and there is a high chance of your payload being caught by any of these antivirus that is available in the market. So make sure that you update time and again if you are working with the veil promote because this makes you your pillar stronger than before because it is going to update every database that is available in the antivirus. So this is basically some changes that will mix in every time and again because we want the viruses or we want the backdoor to be uncorked by any of the anti viruses. So make sure you update with this command which is simple you can type update and you will just have the new Virgin of the veil free. But now we are going to use the command. That means we have here that is available to all. And in this case I ability told me before that we are going to use a vision because we want to make the backdoor. So I’m just saying their use in a one because one is for the vision. So if I hit into it is going to say give us some information now and you can see we are inside now the valley vision. So we are inside the very vision and you could clearly see we have these 41 payloads lauded and this will be also same information in your case and you can see the available command sober him so you can clearly see there is a back command and take video command which is basically take Virus Total dot com against the generated hashes will see in the next lecture you can see all of this come on in full command list command to use command and everything. So let me see if I see a list if I hit enter. You can see all of the payload which is obviously forty one payload which is one over here for two on payload loaded. And we’ll have all these available payload right here so you can clearly see we have now this abundance of payload. You can just get any of this payload to communicate from the blind to the college Linux but you can see the naming convention over here. So the first one you can clearly see that it is with the name flat dot B way which obviously is a python file and it is written in this auto it auto it is a programming language that is also a scripting language. Same as a python but this is going to park is your application. So this is auto it and basically it works same as a power cell. So we write some code in the power cell. So that is similar to the auto it too. So you can see the interpreter or basically the payload that is written in these C languages which is C programming languages girl languages which is also the powerful languages you can see of some of the Pilbara region in the power cell. You can see these bundles of payload are written in a python. So we’re going to cover what the payload we can just do are basically we’re going to cover reverse. Yes. Yes using the socket programming and we’ll just make complete backdoor after we discover that Python lecture. But for now while this is sticking to the Linux that means we’re going to do in the Linux world that is in the college Linux we’re not the python way. So let’s go and make use up maybe this 14 number which is seeing a lot of people in the module let’s go with the 15 number because this has the reverse yes TTP yes. So this is important. So let me first copy this because this information is very critical information. So let’s copy this and we can now let’s open some if pad and look as best you do over here. So this is important information. So let’s go down and you can see now that we have this bunch of payload right here. So you have to now use any of this payload in order to make that is your backdoor. So in my case I’m going to use that is the 50 number. Let’s take that is in the 15 number. So I’m just saying use 15. So now it is going to give us again the information that is showing so much of required up since then. These are the options that is very critical. So you can see we have this yellow host. We have this yellow board. So this is basically the hoist in a board that the client must in one to communicate to this columnist. So you have to give exact information over here because this is critical information and if you want the client to communicate to the limousine this information should be correct. Otherwise it is not going to this connect to the limousine. So first of all what I’m going to do is we have to see the IP addresses because that is the yellow host over here. So in order to see the IP address of Kylie because we want the Mustin that is our window my sin to be communicate with this columnist in that means we will have to get the information that is IP address of this column missing. So if I eat into so you could clearly see the see the information which is the IP address of this missing. But we have to now we we basically can’t simply put here and we can just write. So that is not possible. So there is this available commands in order to change these options. So what we can do is we’ll just use this set of some number here and how this is set. And now we want this yellow host. So it is case sensitive you can do something like this will host. So it should be all in uppercase. And if I say I’ll host an IP address 1 9 2 168. And that is 1. And it is too old or eleven. It is it maybe twelve is twelve. So this is your real list. So if I hit into then we have now synced and if I say invoice again it is only Dobson’s not so absence. So we can see now we have changed. This will host. So we have now the yellow host with the IP of the Mideast plate handler. That means we haven’t seen this met a split. This is also a framework that is going to give us a connection but we are just saying that we want this handler which is basically the communication. So this is the barometer which is going to give us the communication between the client and the server. So next thing you can see the airport. So I’ll just stay in the seal port to do so. This is set airport and I want maybe four four four four. So let’s see options again and you can see now it has been changed to fulfill fulfill. And you can also see the yellow host. Now you can see some of this information we may not be critical but I have this figured out that if you want to just get all of these bypassed or basically if you want to get bypass from the antivirus that is available then you can send or you can also make some modified on this name field. You can do something like you can just add the user name maybe the same set user name and user name maybe hacker or so a hacker is the keyword that is going to be traced. So I’ll just say test so you can do something like this because we want this payload to be different from another. Because if you make a unique payload that is not going to be traced or tracked by any antivirus. So our main aim will be that is to make a unique from others because they have the least are basically they have the signatures of that device. They have so many payloads that is in the file. It’s a signature in the indie viruses so that if our file or if our payload matches with any of that signature then they are going to see us that this payload is a virus. So that is the way antivirus is work. So make sure that you make this payload is unique it’s possible because if you make a unique this then it is not going to be traced. So let me change again to some of these arguments. Let’s say I want to change these processes which is right here. So let’s give this process or maybe one and the options. Now you can also see no options and now you can see we have seen this process. So now if you want to now generate you can see the option right here saying generic. So let’s hit this then Rick and it is giving us the information what this payload will be. So I’ll the payload payload is my or name. So if you also hit it that is Intel then it is also going to give us the payload as a default. So let’s it into. And this is going to do some information that is going to back is US is a backdoor. So we have seen now that we have now. So it is saying unable to create the file because I have already created over there with the same court so let’s go over here I think I have created the name. So let’s go with there and in your case if you have done this first time it is going to create in maybe that is in the veil. So first of all you have to see where that is stored. So it will be stored in make is that is var bliss go to the computer. It will be in them. Ready Vale is the framework because Vale is a framework that is going to be inside this library and now it is going to be in output and the source and you can see we have this reversed. Yesterday Pierce dart CO and payload dart go so you can see we have created this sound file and this is the payload. And basically now next thing what you can do is you will just transport this to the client machine. So we’ll see about the listeners in the next lecture and we’ll just pass this reverse sensitively as with some basic delivery method in the upcoming lecture and we’ll just make a complete connection from the client to this server. So let’s see that in the next Lexus in the next one.

You Might Also Like

No Comments

Leave a Reply